My ramblings about all things technical

Tag Archives: vRealize Automation

Yesterday after a few weeks of studying during my spare time (which is limited due to work and family) I sat the VCP7-CMA and am pleased to say I passed I do have to give a disclaimer though that I was white labelled VMware PSO for a number of years and delivered enterprise level vRA deliveries and attempted but sadly failed my VCDX6-CMA two years ago so I didn’t start with zero knowledge.

Resources used

Due to having worked with and used vRealize Automation in my past my studying focused around reminding myself of pieces seeing as I haven’t touched vRA in almost three years and also updating my knowledge on some of the recent changes. I largely used the study resources listed on my blog here: https://thesaffageek.co.uk/vsphere-6-x-cma-study-resources/vcp6-cma/ but read and watched the “what’s new in vRA7” videos and blog postings out there as well.

The exam I found didn’t really require you to have any real world hands on experience and if someone read all the recommended resources I think you could pass it.

The exam

The exam consists of 85 multiple choice questions and you have 90 minutes to do the exam. I got a 355 out of 500 and I know I got ones wrong where it asked you console questions where unless by chance you’ve used it recently you’d have to have an educated guess like I did. The questions aren’t very long and only one or two were worded a bit strangely. I took my time and reviewed a few questions at the end where I had marked them if it took me more than a minute to decide an answer.

Good luck if you are looking to take the exam, I think it’s more than achievable and the recommended resources will give you a good idea what to learn and also set you up in the event you want to start using vRA.

Knowledge

Evaluate logical performance considerations for a given vRealize Automation solution.

Performance considerations will be the number of virtual machines the solution has to provide sufficient resources for as well as future growth (20% growth over the next 3 years) . This is very much like vSphere sizing but now with the speed with which solutions can be created, modified and deleted especially if you are doing CDCI you need to also prepare for the number of continuous deployments and workflows at once. For example a DEM worker can only process 15 concurrent workflows at a time so if you are likely to be doing 60 workflows simultaneously due to the lifecycle of your machines then you are going to need at least four DEM workers to be deployed to handle this.

Performance also entails using mechanisms such as Storage DRS to automatically load balance provisioned workloads as they are requested, DRS to load balance the workloads across the hosts in the solution and performance of the vRA management components by isolating them in a management cluster, ensuring they are load balanced so one side isn’t always hit and the other is doing nothing. They don’t mention it in the tools but for this section and the exam as a whole I would recommend reading the latest vCAT documentation as well as the vRA 6.2 Reference Architecture document .

Differentiate infrastructure qualities related to performance.

Just like I have mentioned for the availability and management sections, the infrastructure quality for performance will need to be applied to certain requirements and designs decisions in the exam via drag and drop questions (I have done the exam so I am basing this on experience) . The performance infrastructure quality is defined as:

Indicates the effect of a design choice on the performance of the environment. This does not necessarily reflect the impact on other technologies within the infrastructure.

Key metrics:

Response time

Throughput

Analyze the current performance of an environment and address gaps when building a logical design.

So this is down to you deploying the vRA solution in an existing environment where there are workloads running and you need to analyse the performance of the environment to ascertain if the environment meets the performance requirements or if additional resources/another environment is required for the solution to work.

There are a number of methods to do this:

Get a VMware partner or VMware to run an analysis via VMware Capacity Planner to work out what your current environment is doing.

Use vRealize Operations Manager to give you a current state analysis as well as use historical data to work out trends and if there are month end increases in performance requirements or seasonal increases depending on the company’s business.

vSphere performance charts can also give you a not bad idea of what is happening if the above two aren’t possible as well as 3rd party tools.

Use a conceptual design to create a logical design that meets performance requirements.

In the conceptual design you will have defined and signed off the requirements. In these requirements there should be a number of them that apply to the performance infrastructure quality for example “The solution must be able to support the provisioning of 500 workloads a day” and “the solution must be able to service 5000 workloads with a 20% increase year on year for the next five years”

You will also have requirements where due to BC/DR requirements you will need spare capacity in the event of a failure so for example “The production workloads in Site A which makes up 20% of the 5000 workloads need to run on the secondary site in the event of a planned or emergency failover” .

Determine performance-related functional requirements based on given non-functional requirements and service dependencies.

Non-functional requirements are normally constraints imposed by the customer so for example the customer has defined you have to use existing networking in the datacentres and these are only 1GB switches which will severely impact what is possible from the solution. So if we keep to my example then having a service dependency that needs to talk to a physical SQL server where large amounts of data is transferred between the services to the database a single 1 GB link won’t be sufficient so either the service will have to be scaled down or the SQL database created as part of the service to allow inter virtual switch connectivity thereby allowing higher network throughputs.

Incorporate scalability requirements into the logical design.

This has been covered above already but what they are looking for is for you to design for future growth of the environment as the number of workloads increases and/or the amount of workload requests increases. The vRealize Automation reference architecture document also gives great coverage of scalability

Determine a performance component for service level agreements and service level management processes.

I covered this in the availability section where you have done a business impact analysis and worked out what theirs RPO and RTO values are. Part of availability also ties into performance as if the solution is running so slowly that users can’t use it then the service is essentially down and SLA’s are possibly not being met.

Knowledge

Evaluate which management services can be used with a given vRealize Automation Solution.

Management of vRealize Automation is achieved via various methods and solutions. You have management of the underlying vSphere infrastructure via the vSphere client and web client, management and monitoring of both vSphere and vRA via vRealize Operations with management packs for vRA, logging via vRealize LogInsight, change management via third part CMDB tools as well as VMware tools such as vRealize Configuration Manager and Hyperic.

There is also the standard vRA management via the vRA portal and the VAMI portals for management of the vRealize Appliances. I haven’t done the exam but based on previous exam experience I would make sure you know what tabs and options there are for all the vRA VAMI portals.

Differentiate infrastructure qualities related to management.

I partly covered this in the previous 2.3 posting, what they are likely to do from previous experience ( I have not done the exam nor the beta) is to give you a whole bunch of infrastructure qualities and you have to match them up. Manageability is all about ease of management and having the most optimal amount of manageability without impacting other infrastructure qualities or any of the requirements.

Build interfaces into the logical design for existing operations practices.

My take on what they are looking for here is that the customer you are doing the design for has existing operations practices and solutions and you need to take these into account and then design the solution to meet these. So for example if the customer has a CMDB and every time a machine is requested, built, edited and destroyed CI’s need to be passed to the CMDB to track these changes. Another example is syslogging and setting up syslog’s to go to a customer existing logging solution. Reading through the reference architecture and getting an understanding of what kinds of external solutions and services you might need to plug in to is great prep for this. Also adding the vRA management to AD,NTP,SNMP and DNS is very applicable and is required for all deployments (maybe not SNMP for every one)

Address operational readiness deficiencies.

This is where either the customers IT team who are going to look after the solution when you leave aren’t skilled up enough or they don’t have anyone to manage it at all (I’ve seen both in my experience). To fix this knowledge transfer workshops are required, or to link to the manageability infrastructure quality you simplify management as much as possible and try use their existing management mechanisms if they fit so allow easier management of the solution building on existing knowledge. You can also put it as a constraint the lack of existing knowledge to manage the solution and the risk mitigation is training of the team via formal training or learning from yourself and/or the person deploying the solution. You should also read the recommended Operational Readiness Assessment document from VMware.

Define Event, Incident and Problem Management practices.

These are where the logging of the solution and the management of the solution by tools such as vROps, LogInsight, vSphere alarms and event management via 3rd party tools such as Arcsight. The use of LogInsight and vROps is a great combination as they integrate brilliantly together and with the use of the management packs for vRA and LogInsight give amazing manageability of events, incident and problems with intelligent alarms. These can also be tracked by tools such as Service Now which is a fairly popular option for large enterprises in my experience and VMware have even written blogs about the integration http://blogs.vmware.com/management/2015/01/integrating-vrealize-automation-servicenow.html

Determine request fulfilment and release management processes.

Request fulfilment I am taking as the fulfilment of all the required parameters to provision as service from the vRA catalogue. You would do this via the service design that you have done for each service where you have defined what parameters need to be fed in and that incorrect values aren’t inserted to ensure service requests are successful. In regards to ASD this is where you make sure the request form is using optimal selection boxes to make sure letters aren’t used where only number should be inserted and drop down lists are used so that only applicable options can be selected.

Release management would also be done in the service design document although it might be the same across all the service offerings or might differ per service offering based on the lifecycles. This would be the definition of when new blueprints are published, where they are published, who they are published to and version control.

Define change management processes based on business requirements.

Change management can be done via logging to ensure if any changes are made they are tracked, this can also be done via the Service Now method I mentioned earlier as well as change management via vRealize Configuration Manager. During design workshops you should ascertain what change management processes they need to follow and then make sure those are met via usage of API’s to the CMDB solution or logging to LogInsight or Arcsight for example.

Based on customer requirements, identify required reporting assets and processes.

Very much like above the customer will define what kind of reporting they are looking for or what you think they should be getting and then producing these reports via tools such as vROps or LogInsight. For the exam I think they are going to have certain reporting requirements given to you such as the Infrastructure manager wants to get a daily report around any alerts that were found in vRA for the past day or sent an email if an alarm is triggered in vRA.

Knowledge

Evaluate which logical availability services can be used with a given vRealize Automation solution.

For logical availability services this comes down to making sure there are multiple instances of a component if possible and that it is load balanced either via a physical load balancer like F5 or a virtual one like NSX and it is protect via HA and DRS rules are configured for anti-affinity for hosts placement and storage placement. I did a blog posting about designing an enterprise level distributed VRA . As you can see from the diagram I have split out the vRA appliances, IaaS Managers, IaaS Web servers, DEM workers and vSphere Agents and load balanced all the management components via NSX load balancers. The exam is supposedly based on vRA 6.2 so the postgres database is now clusterable between the vRA appliances so it being on an external vRA appliance instance isn’t required anymore.

Analyze a vRealize Automation design and determine possible single points of failure.

I think this is really self-explanatory as you need to understand how a highly available design is achieved and then pick up on any SPOF. For example if the vRA databases are on a SQL installation that isn’t clustered or protected by HA then this is a SPOF.

Determine potential availability solutions for a logical design based on customer requirements.

Create an availability plan, including maintenance processes.

Here is where in an ideal world you have done a Business Impact Analysis and determined what their RTO and RPO values are and then started to work out how various design methods and solutions can ensure these SLA’s are maintained as well as maintenance windows where these SLA’s don’t apply. Rene’s posting I mentioned earlier gives a brilliant amount of ideas of what to think about to ensure availability of a solution.

This is a part of an design where you need to holistically look at the design and ensure if one decision is made it doesn’t cause impacts to requirements or other decisions and if so if it is worth keeping that method or changing the other one. For example if you are requested to provide 99.999% of availability then this is going to cost the customer a serious amount but also some high level solutions are going to be required to ensure this is met which can impact manageability if the current team don’t have the skill set to manage it once you walk out the door.

Due to my decision to aim for my VCDX6-CMA this year and thereby to get it in in time for the only VCDX-CMA defence of the year (so far) I have signed up for the VCAP6-CMA Design beta exam. I’ve been working on a very large-scale vRA 6.2 project for the past 14 months and so I hope this experience of designing and building it as well as my preparations via these objectives breakdown (plus my study resources) and using some of my VCDX5-DCV knowledge will help me. So I thought I would slowly post up each objective for my own benefit but also hopefully help other people looking to pass the VCAP6-CMA Design exam (beta or GA).I will be consolidating all the objectives on my blog page here.

Knowledge

Evaluate the customer-s current capacity requirements.

This can be done by a few methods, the most common two is via capacity planner which is a tool open to VMware partners and VMware themselves which evaluates the current customers environment for a number of weeks and the gives you an output of what is being consumed. The other which I’m certain they will be using for the exam especially seeing as it is one of the study tools recommended for this objective is vRealize Operations. vRealize Operations will give you great indications their current capacity and if it is enough for the solution you are looking to design or not. There is also a management pack for vRealize Operations for vRA so knowing about this and a good base understanding of how vRealize operations works is highly beneficial. The following resources should give you that base knowledge around vROps as well as vRealize Business/ITBM:

Categorize existing workloads.

Again this can be done via vROps and via the usage of dashboards or just via the built in categories provided by vROps. Apart from this I personally can’t see any other ways to cover this piece so if you think of anything then please do let me know.

Recognize organizational structure and governance requirements.

Governance for companies is a major design challenge but is also one of the biggest requirements you have to meet during a project. There are a wide range of governance policies out there from PCI to security hardening to HIPAA. For this piece I am taking it that during a design scenario the customer will mention some kind of governance they need to keep to and this decision will obviously impact how the solution is designed.

Organisational structure is understanding different departments and their possible requirments for separation and seeing as vRealize Business is mentioned in the study tools in the exam blueprint then the ability of vRB to do show-back and chargeback on different departments/Business Groups within vRA.

Analyze application architecture.

This is a lot like a previous sections requirements where you need to understand how an application is architected to meet the requirements of the application. As I mentioned this can be done via your design workshops with the application owners and via vRealize Infrastructure Navigator. Once you have an understanding this can then be mapped out in Application services or via the usage of multi-machine blueprints to name but two options. What they are going to test you on here is most likely diagrams of applications and then understanding how they are configured. Or possibly even a Visio style diagram where you have to take their text information and design the applications architecture in “AS”. Practicing doing this kind of design in Visio is a great way of practicing this skill.

Now that my VCDX defence is over and hopefully I’ve done enough to be awarded an illustrious number I can pick up my old responsibilities for the EMEA vBrownbag of which I am one of the hosts and decided that the VCP6-CMA track would be a great one to do.

We are going to be going through the blueprint in order so that it is easy to follow and watch as well if you are subscribed to the iTunes feed. So starting next week Tuesday at 7pm GMT (Clocks have changed in Europe so this is GMT not BST) we will be doing objective 1 and it is being covered by one of the co-hosts of the vBrownbag, Frank Buechsel. You can register for the series and future vBrownbag EMEA sessions via the following link https://attendee.gotowebinar.com/register/8540909933274906113 and can also subscribe to the vBrownbag YouTube channel.

If you are interested in covering an objective on the vBrownbag then please get touch as we are always looking for presenters.

Recently I was fortunate enough to design and build an enterprise level distributed installation of the vRealize Automation suite of products and integrate it into an enterprise environment. I’ve done several vRA/vCAC deployments before but each time I do a new deployment I like to collate information, read all the latest articles and make sure what worked in the past for me hasn’t changed or more likely has been enhanced so I can provide an even better deployment.

For those unsure of what an enterprise distributed deployment comprises of I have added a logical diagram below (click on the picture to expand it as it is fairly large)

For my current deployment it was based on vRealize Automation 6.1 due to it being part of an EMC Hybrid Cloud deployment but the architecture and layout are exactly the same for 6.2. (note this is defined after collecting customer requirements based on amount of workloads, NSX load balancing and the requirement of application services so make sure you have reasons for design decisions)

Resources

For the resources I used, some are ones I used in the past to learn how to do an enterprise deployment and some are ones I re-read prior to this deployment. I have listed them below to save me looking for them again but also to maybe help other people:

The first place anyone should start is the vRA documentation centre which has a large portion of the vRA documentation you will need to have read and at some points follow along with to do your deployment.

One challenge when deploying an enterprise level deployment of vRA is that you should at a minimum use internally signed certificates. For vRA if you are changing one on the components then you need to change all of them or else you will have a plethora of problems (I have spent countless hours in the past helping companies who have tried their own PoC , have only changed a few certificates and then deployed workloads that they now want to keep). For this portion I like to follow Eiad Al-Aqqad’s resources as to me they seem really straight forward and have worked really well in the past

NB: Make sure when importing the certificate into the appliances remember to remove the bag attributes at the beginning of the PEM file and start from —BEGIN CERTIFICATE—– until ——–END CERTIFICATE————-

Once you have the certificates prepared then you can start the deployments. I used the identity appliance rather than the vCenterSSO due to the identity appliance following the same upgrade schedule as all the other vRA components and in the past I have hit a few problems due to people using vCenter SSO. There are positives and negatives of using SSO so make sure you look at both options and select the correct option for your deployment. The official documentation is good but I also used Emad and Grants blogs for the deployment of the identity appliance

Next portion is the configuration of the external vPostgres database and for this I used the vRA appliance and disabled the services that were not required. For this i used the official documentation. If you don’t know how to deploy the vRA appliances then go to the next step , follow that then come back to this step (Although I do worry if you don’t know how to deploy an appliance)

Next are the IaaS components. This is SO MUCH easier than the vCAC 4.1 days now that there is the pre-req script. The script can be found here. Before installation of the IaaS components ensure you have ntrights.exe downloaded, a windows iso attached to the virtual machine (2012 requires this but 2008 never did) and java 7u75 downloaded in an easily searchable folder (java version is correct as of this posting). For these steps I was going to break it down into a few blog postings but fellow vBrownbag member, Jonathan Frappier has done such a cracking job I recommend you follow his:

Now that the components are installed it is time to grant permissions, create the required tenant/s for your cloud workloads apart from the default tenant and create all the business groups. Again Jonathan has broken this down brilliantly and this is what I re-read prior to my deployments

Now on to the application services, adding and preparing of vSphere templates and creating entitlements so that services can be requested. Again Jonathan has covered it perfectly ( as does the official documentation that you should be following alongside these)

Now for the vRO deployment as well as including NSX into vRA and installing the NSX plug-in to the vRO server. For vRO I used the windows method rather than the appliance route due to us being unable to do multi-hop WinRM using the PowerShell plugin when we need to run PowerShell scripts locally on multiple servers rather than locally on the vRO server. For this I used Sid Smith’s articles as well as the standard VMware documentation:

Received a “Failed to retrieve form from provider” when requesting a catalog item in vRA (this is using multi-machine rather than application services). This error is one I still have a ticket with engineering open for as what is happening is that when we do a quiesced backup of the vRO database this at times causes one of the vRO nodes to stop due to a timeout in connectivity to the database. Currently the only way fix is to start the stopped node. I will update this if/when VMware engineering give a realistic solution.

If you are unsure about any of the portions mentioned or want to know more, you can ask VMware Professional Services for whom I did this design and deployment or Xtravirt who are a VMware partner, to come in and help you with the design/configuration of your environment.